@@ -138,6 +138,68 @@ int hid_bpf_set_data(struct hid_device *hdev, u8 *buf, u64 offset, u8 n, u32 dat
return 0;
}
+int hid_bpf_raw_request(struct hid_device *hdev, u8 *buf, size_t size,
+ u8 rtype, u8 reqtype)
+{
+ struct hid_report *report;
+ struct hid_report_enum *report_enum;
+ u8 *dma_data;
+ u32 report_len;
+ int ret;
+
+ /* check arguments */
+ switch (rtype) {
+ case HID_INPUT_REPORT:
+ case HID_OUTPUT_REPORT:
+ case HID_FEATURE_REPORT:
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ switch (reqtype) {
+ case HID_REQ_GET_REPORT:
+ case HID_REQ_GET_IDLE:
+ case HID_REQ_GET_PROTOCOL:
+ case HID_REQ_SET_REPORT:
+ case HID_REQ_SET_IDLE:
+ case HID_REQ_SET_PROTOCOL:
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ if (size < 1)
+ return -EINVAL;
+
+ report_enum = hdev->report_enum + rtype;
+ report = hid_get_report(report_enum, buf);
+ if (!report)
+ return -EINVAL;
+
+ report_len = hid_report_len(report);
+
+ if (size > report_len)
+ size = report_len;
+
+ dma_data = kmemdup(buf, size, GFP_KERNEL);
+ if (!dma_data)
+ return -ENOMEM;
+
+ ret = hid_hw_raw_request(hdev,
+ dma_data[0],
+ dma_data,
+ size,
+ rtype,
+ reqtype);
+
+ if (ret > 0)
+ memcpy(buf, dma_data, ret);
+
+ kfree(dma_data);
+ return ret;
+}
+
static int hid_bpf_run_progs(struct hid_device *hdev, enum bpf_hid_attach_type type,
struct hid_bpf_ctx *ctx, u8 *data, int size)
{
@@ -251,6 +313,7 @@ int __init hid_bpf_module_init(void)
.array_detached = hid_bpf_array_detached,
.hid_get_data = hid_bpf_get_data,
.hid_set_data = hid_bpf_set_data,
+ .hid_raw_request = hid_bpf_raw_request,
};
bpf_hid_set_hooks(&hooks);
@@ -1686,8 +1686,7 @@ int hid_set_field(struct hid_field *field, unsigned offset, __s32 value)
}
EXPORT_SYMBOL_GPL(hid_set_field);
-static struct hid_report *hid_get_report(struct hid_report_enum *report_enum,
- const u8 *data)
+struct hid_report *hid_get_report(struct hid_report_enum *report_enum, const u8 *data)
{
struct hid_report *report;
unsigned int n = 0; /* Normally report number is 0 */
@@ -77,6 +77,8 @@ struct bpf_hid_hooks {
void (*array_detached)(struct hid_device *hdev, enum bpf_hid_attach_type type);
int (*hid_get_data)(struct hid_device *hdev, u8 *buf, u64 offset, u8 size);
int (*hid_set_data)(struct hid_device *hdev, u8 *buf, u64 offset, u8 size, u32 data);
+ int (*hid_raw_request)(struct hid_device *hdev, u8 *buf, size_t size,
+ u8 rtype, u8 reqtype);
};
#ifdef CONFIG_BPF
@@ -946,6 +946,7 @@ __u32 hid_field_extract(const struct hid_device *hid, __u8 *report,
unsigned offset, unsigned n);
void implement(const struct hid_device *hid, u8 *report, unsigned int offset, unsigned int n,
u32 value);
+struct hid_report *hid_get_report(struct hid_report_enum *report_enum, const u8 *data);
#ifdef CONFIG_PM
int hid_driver_suspend(struct hid_device *hdev, pm_message_t state);
@@ -5105,6 +5105,13 @@ union bpf_attr {
* ctx->event.data field
* Return
* 0 on success, a negative error on failure.
+ *
+ * int bpf_hid_raw_request(void *ctx, void *buf, u64 size, u8 rtype, u8 reqtype)
+ * Description
+ * communicate with the HID device
+ * Return
+ * 0 on success.
+ * negative value on error.
*/
#define __BPF_FUNC_MAPPER(FN) \
FN(unspec), \
@@ -5301,6 +5308,7 @@ union bpf_attr {
FN(copy_from_user_task), \
FN(hid_get_data), \
FN(hid_set_data), \
+ FN(hid_raw_request), \
/* */
/* integer value in 'imm' field of BPF_CALL instruction selects which helper
@@ -107,6 +107,28 @@ static const struct bpf_func_proto bpf_hid_set_data_proto = {
.arg4_type = ARG_ANYTHING,
};
+BPF_CALL_5(bpf_hid_raw_request, void*, ctx, void*, buf, u64, size,
+ u8, rtype, u8, reqtype)
+{
+ struct hid_bpf_ctx *bpf_ctx = ctx;
+
+ if (!hid_hooks.hid_raw_request)
+ return -EOPNOTSUPP;
+
+ return hid_hooks.hid_raw_request(bpf_ctx->hdev, buf, size, rtype, reqtype);
+}
+
+static const struct bpf_func_proto bpf_hid_raw_request_proto = {
+ .func = bpf_hid_raw_request,
+ .gpl_only = true, /* hid_raw_request is EXPORT_SYMBOL_GPL */
+ .ret_type = RET_INTEGER,
+ .arg1_type = ARG_PTR_TO_CTX,
+ .arg2_type = ARG_PTR_TO_MEM,
+ .arg3_type = ARG_CONST_SIZE_OR_ZERO,
+ .arg4_type = ARG_ANYTHING,
+ .arg5_type = ARG_ANYTHING,
+};
+
static const struct bpf_func_proto *
hid_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
{
@@ -115,6 +137,10 @@ hid_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
return &bpf_hid_get_data_proto;
case BPF_FUNC_hid_set_data:
return &bpf_hid_set_data_proto;
+ case BPF_FUNC_hid_raw_request:
+ if (prog->expected_attach_type != BPF_HID_DEVICE_EVENT)
+ return &bpf_hid_raw_request_proto;
+ return NULL;
default:
return bpf_base_func_proto(func_id);
}
@@ -5105,6 +5105,13 @@ union bpf_attr {
* ctx->event.data field
* Return
* 0 on success, a negative error on failure.
+ *
+ * int bpf_hid_raw_request(void *ctx, void *buf, u64 size, u8 rtype, u8 reqtype)
+ * Description
+ * communicate with the HID device
+ * Return
+ * 0 on success.
+ * negative value on error.
*/
#define __BPF_FUNC_MAPPER(FN) \
FN(unspec), \
@@ -5301,6 +5308,7 @@ union bpf_attr {
FN(copy_from_user_task), \
FN(hid_get_data), \
FN(hid_set_data), \
+ FN(hid_raw_request), \
/* */
/* integer value in 'imm' field of BPF_CALL instruction selects which helper
@@ -67,6 +67,8 @@ static unsigned char rdesc[] = {
0xc0, /* END_COLLECTION */
};
+static u8 feature_data[] = { 1, 2 };
+
static pthread_mutex_t uhid_started_mtx = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t uhid_started = PTHREAD_COND_INITIALIZER;
@@ -126,7 +128,7 @@ static void destroy(int fd)
static int event(int fd)
{
- struct uhid_event ev;
+ struct uhid_event ev, answer;
ssize_t ret;
memset(&ev, 0, sizeof(ev));
@@ -143,6 +145,8 @@ static int event(int fd)
return -EFAULT;
}
+ memset(&answer, 0, sizeof(answer));
+
switch (ev.type) {
case UHID_START:
pthread_mutex_lock(&uhid_started_mtx);
@@ -167,6 +171,15 @@ static int event(int fd)
break;
case UHID_GET_REPORT:
fprintf(stderr, "UHID_GET_REPORT from uhid-dev\n");
+
+ answer.type = UHID_GET_REPORT_REPLY;
+ answer.u.get_report_reply.id = ev.u.get_report.id;
+ answer.u.get_report_reply.err = ev.u.get_report.rnum == 1 ? 0 : -EIO;
+ answer.u.get_report_reply.size = sizeof(feature_data);
+ memcpy(answer.u.get_report_reply.data, feature_data, sizeof(feature_data));
+
+ uhid_write(fd, &answer);
+
break;
case UHID_SET_REPORT:
fprintf(stderr, "UHID_SET_REPORT from uhid-dev\n");
@@ -493,6 +506,59 @@ static int test_hid_user_call(struct hid *hid_skel, int uhid_fd, int sysfs_fd)
return ret;
}
+/*
+ * Attach hid_user_raw_request to the given uhid device,
+ * call the bpf program from userspace
+ * check that the program is called and does the expected.
+ */
+static int test_hid_user_raw_request_call(struct hid *hid_skel, int uhid_fd, int sysfs_fd)
+{
+ int err, prog_fd;
+ u8 buf[10] = {0};
+ int ret = -1;
+
+ LIBBPF_OPTS(bpf_test_run_opts, run_attrs,
+ .repeat = 1,
+ .ctx_in = &sysfs_fd,
+ .ctx_size_in = sizeof(sysfs_fd),
+ .data_in = buf,
+ .data_size_in = sizeof(buf),
+ .data_out = buf,
+ .data_size_out = sizeof(buf),
+ );
+
+ /* attach hid_user_raw_request program */
+ hid_skel->links.hid_user_raw_request =
+ bpf_program__attach_hid(hid_skel->progs.hid_user_raw_request, sysfs_fd);
+ if (!ASSERT_OK_PTR(hid_skel->links.hid_user_raw_request,
+ "attach_hid(hid_user_raw_request)"))
+ return PTR_ERR(hid_skel->links.hid_user_raw_request);
+
+ buf[0] = 2; /* HID_FEATURE_REPORT */
+ buf[1] = 1; /* HID_REQ_GET_REPORT */
+ buf[2] = 1; /* report ID */
+
+ prog_fd = bpf_program__fd(hid_skel->progs.hid_user_raw_request);
+
+ err = bpf_prog_test_run_opts(prog_fd, &run_attrs);
+ if (!ASSERT_EQ(err, 0, "bpf_prog_test_run_xattr"))
+ goto cleanup;
+
+ if (!ASSERT_EQ(run_attrs.retval, 2, "bpf_prog_test_run_xattr_retval"))
+ goto cleanup;
+
+ if (!ASSERT_EQ(buf[3], 2, "hid_user_raw_request_check_in"))
+ goto cleanup;
+
+ ret = 0;
+
+cleanup:
+
+ hid__detach(hid_skel);
+
+ return ret;
+}
+
/*
* Attach hid_rdesc_fixup to the given uhid device,
* retrieve and open the matching hidraw node,
@@ -603,6 +669,9 @@ void serial_test_hid_bpf(void)
err = test_hid_user_call(hid_skel, uhid_fd, sysfs_fd);
ASSERT_OK(err, "hid_user");
+ err = test_hid_user_raw_request_call(hid_skel, uhid_fd, sysfs_fd);
+ ASSERT_OK(err, "hid_user_raw_request");
+
err = test_rdesc_fixup(hid_skel, uhid_fd, sysfs_fd);
ASSERT_OK(err, "hid_rdesc_fixup");
@@ -9,6 +9,11 @@ char _license[] SEC("license") = "GPL";
__u64 callback_check = 52;
__u64 callback2_check = 52;
+struct {
+ __uint(type, BPF_MAP_TYPE_RINGBUF);
+ __uint(max_entries, 4096 * 64);
+} ringbuf SEC(".maps");
+
SEC("hid/device_event")
int hid_first_event(struct hid_bpf_ctx *ctx)
{
@@ -90,3 +95,55 @@ int hid_user(struct hid_bpf_ctx *ctx)
return 0;
}
+
+SEC("hid/user_event")
+int hid_user_raw_request(struct hid_bpf_ctx *ctx)
+{
+ const unsigned int buflen = 256;
+ const unsigned int _buflen = buflen * sizeof(__u8);
+ __u8 *buf;
+ int ret;
+ __u32 size;
+ __u8 rtype, reqtype;
+
+ buf = bpf_ringbuf_reserve(&ringbuf, _buflen, 0);
+ if (!buf)
+ return -12; /* -ENOMEM */
+
+ __builtin_memcpy(buf, ctx->u.user.data, _buflen);
+
+ /*
+ * build up a custom API for our needs:
+ * offset 0, size 1: report type
+ * offset 1, size 1: request type
+ * offset 2+: data
+ */
+ rtype = buf[0];
+ reqtype = buf[1];
+ size = ctx->u.user.size - 2;
+
+ if (size < _buflen - 2) {
+ ret = bpf_hid_raw_request(ctx,
+ &buf[2],
+ size,
+ rtype,
+ reqtype);
+ if (ret < 0)
+ goto discard;
+ } else {
+ ret = -7; /* -E2BIG */
+ goto discard;
+ }
+
+ __builtin_memcpy(&ctx->u.user.data[2], &buf[2], _buflen - 2);
+
+ ctx->u.user.size = ret + 2;
+ ctx->u.user.retval = ret;
+
+ ret = 0;
+
+ discard:
+ bpf_ringbuf_discard(buf, 0);
+
+ return ret;
+}
When we are in a user_event context, we can talk to the device to fetch or set features/outputs/inputs reports. Add a bpf helper to do so. This helper is thus only available to user_events, because calling this function while in IRQ context (any other BPF type) is forbidden. Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> --- drivers/hid/hid-bpf.c | 63 +++++++++++++++++ drivers/hid/hid-core.c | 3 +- include/linux/bpf-hid.h | 2 + include/linux/hid.h | 1 + include/uapi/linux/bpf.h | 8 +++ kernel/bpf/hid.c | 26 +++++++ tools/include/uapi/linux/bpf.h | 8 +++ tools/testing/selftests/bpf/prog_tests/hid.c | 71 +++++++++++++++++++- tools/testing/selftests/bpf/progs/hid.c | 57 ++++++++++++++++ 9 files changed, 236 insertions(+), 3 deletions(-)